# Human Rights Protocol Considerations (hrpc) research group, IRTF, IETF 118   {#human-rights-protocol-considerations-hrpc-research-group-irtf-ietf-118}

## Welcome and Introduction: Intro and Note Well - 10 min   {#welcome-and-introduction-intro-and-note-well---10-min}

## Talk: Internet connectivity in Gaza - Ahmad Alsadeh, ISOC Palestine - 30 min   {#talk-internet-connectivity-in-gaza---ahmad-alsadeh-isoc-palestine---30-min}

No questions/discussion.

## Talk: Tech standards and human rights - OHCHR - 30 min   {#talk-tech-standards-and-human-rights---ohchr---30-min}

(No slides) Link to the report presented:
https://www.ohchr.org/sites/default/files/documents/hrbodies/hrcouncil/sessions-regular/session53/advance-versions/A\_HRC\_53\_42\_AdvanceEditedVersion.docx

*   How is OHCHR expanding its work in this area?
*   What about SDOs that don't act like businesses?

OHCHR plans to hire an additional staff member.

Our analysis applies to all SDOs; we make a distinction for legal
reasons.

*   An additional danger: forum-shopping. There are many paths to
    standardization, and it's antidemocratic for states to delegate to
    less-transparent bodies.

There would be opposition to OHCHR being able to determine where you can
go for standardization.

*   Tension: Sufficient participation in standards-setting v. states
    exerting more control. Has there been outcome-based analysis of how
    states interface with standards-setting?

There hasn't been. It's a question of how things play out in practice.

*   How can we turn these from "nice to haves" to requirements? Does it
    work to start from the UN sustainable development goals?
*   Have you developed any recommendations that are SDO-specific? Do you
    have any specific asks of the IETF?

hrpc and many individuals have done great work. It would be great to see
this approach adopted more widely within the community.

*   It's challenging for SDOs to monitor for *impact* once their
    standards have been published. It would be interesting for SDOs to
    think about how they can close that loop.
*   See also RFC 8280 and new draft guidelines.

## Talk: Tech-assisted gender-based violence - Stephanie Mikkelson, UNFPA - 30 min   {#talk-tech-assisted-gender-based-violence---stephanie-mikkelson-unfpa---30-min}

*   These are important ideas. What is the overlap with the IETF's work?

This is very high-level ideas and principles that we can apply
throughout our work. How do you handle consent and privacy?

(See also: the draft on intimate-partner violence and compare to
analyzing censorship techniques in terms of low-level network access,
etc.)

*   IETF people can be knowledgeable about encryption without being
    knowledgeable about real-world threat models. Please do contribute
    that knowledge.
*   Is the weaponization of the freedom of speech relevant?

We've worked with the special rapporteur on the freedom of expression.

*   There's an ongoing "tussle" in the IETF between privacy concerns and
    identity requirements. For example, whether an identity is full or
    pseudonymous becomes an operational issue for law-enforcement
    access.

*   We could learn from your principles on participatory design. We
    don't know how to *effectively* include participation from the most
    *affected* people in these issues, transparently but without
    necessarily involving them publicly.

Engaging survivors in a safe and ethical way is our space. Participatory
and inclusive doesn't mean going to your local hotline or someone you
know. One in three women is a survivor of gender-based violence. We have
ethical guidelines that speak specifically to how to do this.

*   More support for considering real-world threat models as well as
    protocol-level encryption. Slides 13–15 are especially valuable on
    the safety/security/privacy triangle. How is the Venn diagram of
    threat actors built?

*   Do you have examples of changing the power dynamics of technology
    that we can take to the technical level?

We're doing monitoring for the [https://www.gbvims.com/][1] framework
now.

(Help desks and hotlines are increasingly being embedded within shelters
to share this knowledge for serving end users.)

## Updates (5 minutes each)   {#updates-5-minutes-each}

### draft-celi-irtf-hrpc-ipvc   {#draft-celi-irtf-hrpc-ipvc}

*   Overview of the draft: adopted by the working group for community
    review

*   An additional threat to consider: image disclosure. Additional
    outcomes: loss of job/livelihood; death. Also consider that children
    are often used to get access to an intimate partner. Also IoT
    devices.

### draft-irtf-hrpc-association   {#draft-irtf-hrpc-association}

*   Back in the research group with suggested changes and two possible
    paths forward
*   Request for the research group to weigh in and volunteer to
    contribute

*   Suggest considering the impact of self-censorship on online
    association.

*   The suggestion to make this an essay may reflect a question about
    different kinds of research. These are some illustrative examples
    and topics.
    *   Could be addressed by rephrasing to avoid claiming it's more
        comprehensive/systematic than it is.
    *   Is there a problem with the methodologies themselves? Or can we
        document better what the methodologies were?
    *   It would be better to explain why the specific examples were
        chosen out of a literature review.
    *   (Chat:) Different disciplines have different standards/styles
        for literature reviews.



[1]: https://www.gbvims.com/